I am working on a legacy project containing many JSPs and models. In a lot of places, people have used @ModelAttribute to map the request parameters to the specific model class.
My question is: in the conversion of request params to model, does Spring internally invoke the request.getParameter() method? I want to prevent XSS and already have an XSS filter in place. But during request params to model conversion, I don't see control coming to my overridden getParameter() method.
CodePudding user response:
For binding, Spring has the DataBinder abstraction; for a web request, that utilizes the ServletRequestDataBinder. If you take a look at the source code you will end up here, which shows a call to WebUtils.getParametersStartingWith.
If you look at the last code you will see that it uses getParameterNames and getParameterValues instead of getParameter.
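An added example, not part of the answer above and not Spring's own code: a request wrapper for the XSS filter that cleans values on every parameter accessor, including the getParameterValues path that @ModelAttribute binding goes through. The class name XssRequestWrapper, the clean() helper and the choice of HtmlUtils.htmlEscape as the cleaning step are assumptions standing in for the existing filter's logic; it also assumes the javax.servlet API (Servlet 3.0 or later).

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.springframework.web.util.HtmlUtils;

// Hypothetical wrapper; the filter passes an instance of it down the chain
// in place of the original request.
public class XssRequestWrapper extends HttpServletRequestWrapper {

    public XssRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    // Stand-in for the filter's existing cleaning logic (assumption: HTML-escape).
    private static String clean(String value) {
        return value == null ? null : HtmlUtils.htmlEscape(value);
    }

    private static String[] clean(String[] values) {
        if (values == null) {
            return null;
        }
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            out[i] = clean(values[i]);
        }
        return out;
    }

    @Override
    public String getParameter(String name) {
        return clean(super.getParameter(name));
    }

    // Accessor used during @ModelAttribute binding, per the answer above.
    @Override
    public String[] getParameterValues(String name) {
        return clean(super.getParameterValues(name));
    }

    // Covers code that reads all parameters at once.
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> cleaned = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : super.getParameterMap().entrySet()) {
            cleaned.put(e.getKey(), clean(e.getValue()));
        }
        return Collections.unmodifiableMap(cleaned);
    }
}
```

Escaping on input changes the values stored in the model, so output encoding in the JSPs is still needed wherever data reaches the page by another route.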